How to Reset the User's Pass Phrase

Novell Cool Solutions: Feature

From the brilliant and long-suffering guys in the Novell IS&T group, here's a very handy cheat sheet to help you reset the iFolder Pass Phrase if (when) someone forgets it.

Situation

User calls and asks Helpdesk to reset their iFolder Pass Phrase. There are a number of situations that could prompt a user to make this call:

1. User is installing iFolder on a second workstation and cannot remember the Pass Phrase because they selected the "Remember Pass Phrase" option when installing the iFolder client on their first machine.

2. User has backed up files into iFolder before re-imaging a machine, and is now installing the iFolder client to recover the backed-up data.

3. User is trying to log in using the Java Applet or NetStorage and cannot remember the Pass Phrase.

Background

When a user installs the iFolder client, they are first asked to authenticate to the iFolder server. They are then asked if they would like to encrypt their data. If they choose to encrypt their data, iFolder then prompts them for a Pass Phrase. This Pass Phrase then becomes a part of the key that is used to encrypt the data.

Each time a file is placed in the local iFolder, the iFolder client encrypts the file and transmits it to the iFolder server, where it is stored in that encrypted state. The files on the local workstation are not stored encrypted. When the iFolder client downloads an encrypted file from the iFolder server, the file is decrypted by the iFolder client then saved in the local iFolder data store (default = c:\My Documents\iFolder\userID\home).

All files are encrypted and decrypted in this manner. If the user wants to change the Pass Phrase then all of the files must be decrypted with the old Pass Phrase then encrypted again with the new Pass Phrase. Because each and every file would have to go through this process, the best way to accomplish this is to delete the entire iFolder account from the server and have the iFolder client encrypt the data and send it up to the server again. Below are the steps to follow.

Procedure

1. Log in to the iFolder Server Administration page.

2. Find the user account and click on the link to display the user's information.

3. Look at the "Number of Connections" line. If this line does not show "0", you must have the user log out of their iFolder client. NOTE: All connections to this account must be disconnected before you will be able to remove the account.

4. Take note of the "Disk Quota" setting and the "Used Space" value. If either of these values is above 100MB (the default "Disk Quota" value for iFolder.i-Login.Net), you will need to adjust the Disk Quota value later. (See Step 11 below.)

5. CONFIRM that the user has a sufficiently fast connection to facilitate the upload of the data after you remove the account. You probably don't want to do this over a dial-up type connection.

6. CONFIRM that the user has their data on their local disk. This is very important because you are about to delete the data from the server. NOTE: If the user does not have the data locally (see Situation 2 above), you do NOT want to delete the account. DO NOT proceed! Go to the NO LOCAL DATA paragraph below.

7. Click the "Remove User" button. You will be asked to confirm that you want to remove the account. Click "YES".

8. The user account has now been removed from the server. All of the user's data has also been deleted from the server.

9. Have the user right-click on the iFolder client icon (in the system tray) and select "Login".

10. The user will be prompted to choose encryption again and asked for a new Pass Phrase. After the user has chosen a new Pass Phrase, the iFolder client will log them in and create a new account with the default Disk Quota of 100MB.

11. Go to the user's account and adjust the Disk Quota with the value from Step 4 above. The user may receive an error message saying that they don't have enough disk space to sync. Have them click on the OK button. This error will go away after you adjust the Disk Quota value.

12. The user's data should begin to sync back up to the server.

13. Instruct the user that it is very important that they don't forget this Pass Phrase.

You are now finished.

NO LOCAL DATA

If, during Step 6, you discover that the user does not have a copy of the data on the local disk, do the following:

Explain to the user the information in the Background section above.

Tell them the only way to reset the Pass Phrase is to delete the data from the server and that you don't want to delete the only copy of the data.

Because their userID and password are correct, they can try as many times as it takes to come up with the Pass Phrase. Their account will not be locked out. But because the data is encrypted the only way to get it back is to have the Pass Phrase.
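
The reasoning in the Background section and the NO LOCAL DATA guard, sketched as an added example (not Novell's code and not part of the original article). PBKDF2 and the HMAC-based toy cipher are stand-ins so the sketch runs on the Python standard library; the page does not describe iFolder's actual algorithm, and every function name, the salt, and the sample files are constructed for illustration.

```python
import hashlib, hmac, os

SALT = b"constructed-salt"  # constructed sample value
LOCAL_FILES = {"report.txt": b"Q3 numbers", "notes.txt": b"call helpdesk"}  # constructed

def derive_key(pass_phrase, salt=SALT):
    # Assumption: PBKDF2 stands in for however iFolder turns the Pass Phrase into key material.
    return hashlib.pbkdf2_hmac("sha256", pass_phrase.encode(), salt, 100_000)

def keystream(key, nonce, length):
    # Toy HMAC-SHA256 counter-mode keystream (illustration only, not iFolder's cipher).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong Pass Phrase or corrupted file")
    return bytes(c ^ k for c, k in zip(body, keystream(key, nonce, len(body))))

def upload(local_files, pass_phrase):
    # Client side: files leave the workstation already encrypted; the server keeps only blobs.
    key = derive_key(pass_phrase)
    return {name: encrypt(key, data) for name, data in local_files.items()}

def change_pass_phrase(server_store, old_phrase, new_phrase):
    # In-place change: every stored file must be decrypted with the OLD key first.
    old_key, new_key = derive_key(old_phrase), derive_key(new_phrase)
    return {n: encrypt(new_key, decrypt(old_key, b)) for n, b in server_store.items()}

def reset_forgotten(local_files, new_phrase):
    # The page's procedure: discard the server copy and re-encrypt from local plaintext.
    if not local_files:
        raise RuntimeError("NO LOCAL DATA: do not remove the server account")
    return upload(local_files, new_phrase)

if __name__ == "__main__":
    store = reset_forgotten(LOCAL_FILES, "new phrase")
    print(decrypt(derive_key("new phrase"), store["report.txt"]))
```

`change_pass_phrase` fails for every stored file when the old Pass Phrase is wrong, which is why the helpdesk cannot reset it server-side and why `reset_forgotten` refuses to run without a local copy.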